Eindhoven University of Technology hackers utilized reused passwords to infiltrate IT systems


The hackers who were caught carrying out a cyberattack on Eindhoven University of Technology (TU/e) in January had been accessing the computer network undetected for days. To break into the university’s IT environment, they used reused passwords belonging to hacked accounts.

On Saturday night, January 11th, 2025, TU/e security experts noticed a cyberattack on the university’s IT systems. Because the situation became too threatening, they decided to take the entire network offline. Education came to a standstill for a week.

After an extensive cleanup and recovery operation, the university brought the network back online, and classes were back in session. Forensic investigation showed that no data had been stolen. In addition, no ransom was paid. However, the impact on the organization was enormous.


The Eindhoven University of Technology hired Fox-IT to investigate how this could have happened and what could be done to prevent recurrence.

On Monday, the cybersecurity firm published a report containing the most important findings.

Security experts found that the attackers used hacked VPN accounts to gain access to the university’s IT environment. These accounts were already known to be compromised. The university had asked the account holders to change their passwords, but they reused their old passwords instead. The software did not automatically correct this.
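The gap described above, a password change that accepts the old password again, can be closed with a password-history check at change time. The following is an added example, not code from the Fox-IT report or from TU/e; the `Account` structure, the function names, the history depth and the PBKDF2 work factor are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


@dataclass
class PasswordRecord:
    salt: bytes
    digest: bytes
    iterations: int


@dataclass
class Account:  # hypothetical account model
    username: str
    history: list = field(default_factory=list)  # oldest first, newest last
    flagged_compromised: bool = False


def _derive(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(password, iterations=PBKDF2_ITERATIONS):
    # Each stored password gets its own random salt.
    salt = os.urandom(16)
    return PasswordRecord(salt, _derive(password, salt, iterations), iterations)


def matches(password, record):
    # Re-derive with the record's own salt and compare in constant time.
    candidate = _derive(password, record.salt, record.iterations)
    return hmac.compare_digest(candidate, record.digest)


def change_password(account, new_password, keep=5, iterations=PBKDF2_ITERATIONS):
    """Return (ok, reason). Rejects any password still in the stored history.

    keep must be >= 1. The compromise flag is cleared only after a password
    that differs from every remembered one has been set.
    """
    if any(matches(new_password, rec) for rec in account.history):
        return False, "reused"
    account.history.append(make_record(new_password, iterations))
    del account.history[:-keep]  # retain only the newest `keep` records
    account.flagged_compromised = False
    return True, "changed"
```

Because the history holds salted hashes rather than plaintext, the check only works at the moment the user submits the new password, which is why it belongs in the change handler itself.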


Furthermore, the hackers had access to the TU/e network for the five days between January 6th and January 11th. However, during that period, they didn’t leave many forensic traces of activity. Also, the VPN accounts didn’t have multi-factor authentication. This was scheduled to be implemented in the first half of 2025.

Lastly, the attackers were able to retrieve crucial data from one of the TU/e domain controllers. Security experts believe that the attackers obtained access to that account through a network-based attack technique known as a forced authentication coercion attack.

Fox-IT is positive about the university’s performance during the cyberattack. “TU/e demonstrated exemplary incident response and crisis management, responding rapidly and effectively even during the challenging hours of a weekend night. This swift action serves as a model for other organizations.”

To do even better in the future, Fox-IT recommends that certain procedures, practices, and mandates be better documented so that there is greater clarity on how to act in the event of a future crisis.
